View Azure DDoS Protection alerts in Microsoft Defender for Cloud
Microsoft Defender for Cloud provides a list of security alerts, with information to help investigate and remediate problems. With this feature, you get a unified view of alerts - including DDoS attack-related alerts - and the actions to take to mitigate the attack.
In this tutorial, you learn how to:
- View Azure DDoS Protection alerts in Microsoft Defender for Cloud.
There are two specific alerts that you'll see for any DDoS attack detection and mitigation:
- DDoS Attack detected for Public IP: This alert is generated when the DDoS protection service detects that one of your public IP addresses is the target of a DDoS attack.
- DDoS Attack mitigated for Public IP: This alert is generated when an attack on the public IP address has been mitigated.
To view the alerts, open Defender for Cloud in the Azure portal and select Security alerts. The following screenshot shows an example of the DDoS attack alerts.
Prerequisites
- An Azure account with an active subscription. Create an account for free.
- DDoS Network Protection must be enabled on a virtual network or DDoS IP Protection must be enabled on a public IP address.
View alerts in Microsoft Defender for Cloud
Sign in to the Azure portal.
In the search box at the top of the portal, enter Microsoft Defender for Cloud. Select Microsoft Defender for Cloud from the search results.
From the side menu, select Security alerts. To filter the alerts list, select your subscription, or any of the relevant filters. You can optionally add filters with the Add filter option.
The alerts include general information about the public IP address that’s under attack, geo and threat intelligence information, and remediation steps.
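For triage outside the portal, the two alerts can be paired per public IP to show which attacks have been mitigated and which are still open. The following is an added example, not part of the original tutorial or Microsoft's code. The records are constructed, and the keys `alert`, `public_ip` and `time` are assumptions rather than the schema of a Defender for Cloud export.

```python
from datetime import datetime

# Alert names exactly as listed on this page.
DETECTED = "DDoS Attack detected for Public IP"
MITIGATED = "DDoS Attack mitigated for Public IP"

# Constructed sample records. The keys "alert", "public_ip" and "time" are
# assumptions for this example, not the schema of a Defender for Cloud export.
SAMPLE_ALERTS = [
    {"alert": MITIGATED, "public_ip": "192.0.2.55", "time": "2024-05-01T09:00:00Z"},
    {"alert": DETECTED, "public_ip": "203.0.113.10", "time": "2024-05-01T10:00:00Z"},
    {"alert": MITIGATED, "public_ip": "203.0.113.10", "time": "2024-05-01T10:12:00Z"},
    {"alert": DETECTED, "public_ip": "198.51.100.7", "time": "2024-05-01T11:30:00Z"},
    {"alert": "Unrelated alert", "time": "2024-05-01T12:00:00Z"},
    {"alert": DETECTED, "public_ip": "203.0.113.10", "time": "2024-05-01T14:00:00Z"},
]


def parse_time(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def correlate(alerts):
    """Pair each 'detected' alert with the next 'mitigated' alert for the same IP.

    Returns (closed, still_open): closed is a list of finished attacks with
    their duration; still_open maps a public IP to the time of a detection
    that has no later mitigation alert.
    """
    ddos = [a for a in alerts if a.get("alert") in (DETECTED, MITIGATED)]
    closed, still_open = [], {}
    for a in sorted(ddos, key=lambda a: parse_time(a["time"])):
        ip, when = a["public_ip"], parse_time(a["time"])
        if a["alert"] == DETECTED:
            still_open.setdefault(ip, when)  # keep the earliest unmatched detection
        elif ip in still_open:
            start = still_open.pop(ip)
            minutes = (when - start).total_seconds() / 60
            closed.append({"public_ip": ip, "detected": start, "minutes": minutes})
        # A mitigation with no earlier detection (192.0.2.55) is ignored.
    return closed, still_open


if __name__ == "__main__":
    closed, still_open = correlate(SAMPLE_ALERTS)
    for c in closed:
        print(f"{c['public_ip']}: mitigated after {c['minutes']:.0f} min")
    for ip, when in still_open.items():
        print(f"{ip}: detected {when.isoformat()}, no mitigation alert yet")
```

An IP that stays in `still_open` has a detection alert without a matching mitigation alert and is the one to check first in the Security alerts list.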
In this tutorial you learned how to view DDoS protection alerts in Microsoft Defender for Cloud. To learn more about the recommended steps to take when you receive an alert, see these next steps.